IN THE CLAIMS

What is claimed is: 

1. A system for authenticating a subject residing in a subject domain on a network to a 
server application residing in a server domain on the network, wherein an authentication

an authentication domain on the network affects the service provided by 
the system comprising: 
a client for communicating with other components of the system and for authenticating
the subject to other components of the system by providing a client name 
assertion on behalf of the subject, wherein said client also resides in the subject 
domain; and 

a protocol proxy for communicating between said client and the authentication
mechanism and for authenticating said client based on said client name assertion,
aining from the authentication mechanism credentials for said client to 
the server application, and for creating from said credentials an 
authentication name assertion allowing said client to access the server application.
set is non-human and said client is integrated into the subject; and
said client gathers subject credentials for the subject and communicates said subject 
credentials to said protocol proxy. 



3. The system of claim 1, wherein a plurality of the authentication mechanisms are present
on the network and the system further comprising:
an agent for communicating with other components of the system and for interacting with
said client to choose an appropriate authentication mechanism from among said
plurality of the authentication mechanisms, wherein said agent resides in an agent
domain on the network.

4. The system of claim 3, wherein said client interacts with said protocol proxy to determine
a specification of the authentication mechanism and said client communicates said specification
to said agent.

5. The system of claim 3, wherein said client includes a callback mechanism for
determining said appropriate authentication mechanism for the server application from among
said plurality of the authentication mechanisms.

6. The system of claim 5, wherein said callback mechanism interacts with the subject to
determine said appropriate authentication mechanism.

7. The system of claim 5, wherein said callback mechanism accesses a configuration
repository to determine said appropriate authentication mechanism. 

8. The system of claim 3, wherein said agent includes a mechanism resolver for determining 
from said plurality of the authentication mechanisms a subset of zero or more of the 
authentication mechanisms which affects the service provided by the server application. 

9. The system of claim 8, wherein said agent further includes an authentication agent for
brokering between said client and said mechanism resolver. 

10. The system of claim 8, wherein said agent further includes a mechanism repository for
storing information about said plurality of the authentication mechanisms and said mechanism
resolver queries said mechanism repository when determining said subset of zero or more of the
authentication mechanisms which affects the service provided by the server application.

11. The system of claim 10, wherein said agent further includes a mechanism registrator for
the authentication mechanism to register in said mechanism repository by adding information
about itself.

12. The system of claim 11, wherein said mechanism registrator is further for the
authentication mechanism to update itself in said mechanism repository by changing information
about itself.

13. The system of claim 4, wherein said protocol proxy resides in said agent domain on the
network.

14. The system of claim 1, wherein said protocol proxy resides in the authentication domain
on the network.



15. The system of claim 1, wherein said protocol proxy uses a standard security protocol to
communicate with said client and a mechanism-specific protocol to communicate with the
authentication mechanism.

17. The system of claim l s wherein at least one of said client and said protocol proxy
authenticates using SRP protocol.



18. The system of claim 1, wherein said protocol proxy produces a signed name assertion.

19. The system of claim 18, wherein said signed name assertion is contained in a S2ML
document.

20. The system of claim 18, wherein said protocol proxy further produces a signed name
entitlement.



21. The system of claim 1, wherein said protocol proxy uses a proxy name assertion to
authenticate itself to the client.

22. The system of claim 1, further comprising an adapter for receiving said authentication
name assertion, recreating said credentials, and permitting said client to access the server
application based on said credentials.

23. A method for authenticating a subject residing in a subject domain on a network to a
server application residing in a server domain on the network, wherein an authentication
mechanism residing in an authentication domain on the network affects the service provided by
the server application, the method comprising the steps:

(a) authenticating the subject to a protocol proxy with a client by providing subject
credentials on behalf of the subject;

(b) obtaining a name assertion from said protocol proxy via the authentication mechanism
which will allow said client to access the server application, thereby mediating
between said protocol proxy and the authentication mechanism to permit the
subject to access the server application via said client;

(c) creating an authentication name assertion with said protocol proxy based on said
subject credentials which will allow said client to access the server application;

(d) communicating said authentication name assertion to said client; and

(e) communicating said authentication name assertion to the server application.

24. The method of claim 23, wherein the subject is non-human and said client is integrated
into the subject, and the method further comprising:

gathering said subject credentials with said client for the subject; and

communicating said subject credentials to said protocol proxy.

25. The method of claim 23, wherein a plurality of the authentication mechanisms are present
on the network, and the method further comprising:

interacting between said client and an agent to choose an appropriate authentication
mechanism from among said plurality of the authentication mechanisms, wherein
said agent resides in an agent domain on the network.



26. The method of claim 25, further comprising:

interacting between said client and said protocol proxy to determine a specification of the
authentication mechanism; and

communicating said specification with said client to said agent.

27. The method of claim 25, further comprising determining an appropriate authentication
mechanism for accessing the server application from among said plurality of the authentication
mechanisms.



28. The method of claim 27, further comprising interacting with the subject to determine said
appropriate authentication mechanism.

29. The method of claim 27, further comprising accessing a configuration repository to 
determine said appropriate authentication mechanism. 

30. The method of claim 2% further comprising: 

(f) resolving from said plurality of the authentication mechanisms a subset of zero or 

more of the authentication mechanisms which affects the service provided by the 
server application. 

31. The method of claim 30, wherein said agent further includes an authentication agent, and
the method further comprising:

brokering between said authentication agent and said client in said step (f).

32. The method of claim 30, wherein said agent domain further includes a mechanism 
repository, and the method further comprising: 

storing information about said plurality of the authentication mechanisms in said 

mechanism repository; and 
querying said mechanism repository in said step (f). 



33. The method of claim 32, further comprising registering the authentication mechanism in
said mechanism repository by adding information about the authentication mechanism. 



34. The method of claim 25, wherein said protocol proxy resides in said agent domain on the
network.

35. The method of claim 23, wherein said protocol proxy resides in the authentication
domain on the network.



36. The method of claim 2: , wherein said protocol proxy uses a standard security protocol to
communicate with said client and a mechanism-specific protocol to communicate with the
authentication mechanism.



37. The method of claim 23, wherein at least one of said client and said protocol proxy
authenticates using SRP protocol.

38. The method of claim 23, wherein said protocol proxy produces a signed name assertion.

39. The method of claim 38, wherein said signed name assertion is contained in a S2ML
document.

40. The method of claim 38, wherein said protocol proxy further produces a signed name
entitlement.

41. The method of claim 23, wherein said protocol proxy uses a proxy name assertion to
authenticate itself to the client.



42. The method of claim 23, further comprising an adapter, and the method further
comprising:

receiving said authentication name assertion with said adapter;

recreating said credentials with said adapter; and

permitting said client to access the server application based on said credentials.



